Hardware Wallet Doesn’t Store Private Keys to Surpass Cold Storage

Published at: Feb. 20, 2019

A payments technology company has created a hardware wallet that addresses the “flawed approach” used for cold storage — and eliminates the physical storage of private keys.

Instead of storing private keys on a device — a “potential security problem” — Bitfi says it has developed technology that does not store any data or private keys. Instead, the company’s hardware uses a deterministic algorithm to calculate the private key at the moment of a transaction. This means that the private key comes into existence for a fraction of a second and vanishes immediately afterward. This technology is meant to overcome the risk of total loss should a hardware wallet be lost, seized or stolen.  

Bitfi recommends creating a seven-word passphrase by using its Diceware method, which offers greater entropy. However, the company says that those who own its wallet have the option to memorize their passphrase. It encourages users to leave 24-word mnemonic seeds behind in favor of a seven-word alternative. Combined with no physical storage of private keys, the company argues this better protects users against attacks — as memorizing a shorter phrase eliminates the need to write down a seed, something a malicious actor could access.

The company says it eliminates the possibility of wallet funds being lost if a physical device is stolen by ensuring that no data is stored on the hardware itself, meaning that hacking the wallet is “fruitless.” This approach also offers greater protection to users in the event that their wallet is damaged or lost following natural disasters such as fires, floods or earthquakes.

Bitfi argues the practice of storing private keys on hardware wallets and connecting such devices to a computer creates an unacceptable risk of this sensitive information being obtained by hackers or malware, especially during physical attacks.

Making amends

Last year, Bitfi described its hardware wallet as the “world’s first unhackable device” — but the company has now withdrawn this claim.

The company had established a bounty hunt — initially offering a $100,000 prize, but which was then raised to $250,000 — for the first person who managed to hack its device. As reported by Cointelegraph this summer, this initiative was spearheaded by infamous investor John McAfee.

Bitfi is available here

Although reports began to emerge that security experts had unearthed vulnerabilities, Bitfi claimed that these breaches did not satisfy the conditions of the six-figure bounty, which required researchers to extract funds from the device — and the company then went on to create a second bounty hunt with a smaller reward of $10,000 for “man-in-the-middle” vulnerabilities. Both bounty programs have subsequently been closed, but the company says it will soon introduce a new program with the launch of the new DMA-2 wallet.

Bitfi has described the incident as a disagreement with the infosec community, and says that the initial model that was the subject of the bounty program is no longer being shipped, as it has been superseded by a new model with additional features.

Simple, yet secure

Bitfi says crypto wallets need to offer a blend of high security and user friendliness, as otherwise, inexperienced owners of crypto assets risk losing their funds by accident. The company says no technical skill is required to use its product, and the device itself receives new features and security updates automatically from Bitfi’s node in real time.

This helps to reduce the chance of a user downloading corrupt software — and it also means users will be able to benefit from new features, such as support for additional cryptocurrencies, instantly. Overall, the company says that this ensures its devices are “never outdated or obsolete.”

In January, Bitfi integrated an all-in-one privacy cryptocurrency known as Apollo, and a blog post written by the coin’s team says it “combines mainstream crypto features into an unregulatable platform.”

Bitfi says that worries about safe cryptocurrency storage are a major hurdle in the quest for mainstream adoption — and it hopes that its solution, combining security with a device that is as “easy to use as an ATM,” will help drive growth for Bitcoin and other important assets.

Learn more about Bitfi

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as an investment advice.

Tags
Blockchain
Bitcoin
Cryptocurrencies
Wallet
Security
Private Keys
Related Posts
What happens if you lose or break your hardware crypto wallet?
Hardware cryptocurrency wallets are known for granting users full control of their crypto and providing more security, but such wallets are prone to risks such as theft, destruction or loss. Does that mean that all your Bitcoin (BTC) is lost forever if your hardware wallet is lost, burned or stolen? Not at all. There are a number of options to restore cryptocurrency for someone who has lost access to their hardware wallet. The only requirement to recover crypto assets, in that case, would be maintaining access to the private keys. A private key is a cryptographic string of letters and …
Blockchain / June 14, 2022
Overview of Software Wallets, the Easy Way to Store Crypto
Similar to a bank account for fiat currency, a crypto wallet is a personal interface for a cryptocurrency network that provides reliable storage and enables transactions. Whether a cryptocurrency is securely stored or not, much depends on the wallet, which is only as secure as its private keys. Wallets are generally either hot or cold. The funds in a hot wallet can be spent at any time, online. A cold wallet functions in contrast: not intended for regular cryptocurrency transactions, but funds can be received at any time. Wallets can also be divided into three groups: software, hardware and paper. …
Blockchain / March 29, 2020
How Cryptographic Keys Development Will Drive Digital Asset Adoption
As the price of Bitcoin (BTC) crept up in recent months, it appears public interest in digital assets is once again on the rise. Newcomers to the sector these days have it far easier than those who joined in the earlier days. Since 2017, we have seen an inflow of institutional investment, increasing the availability of crypto derivatives, and a vast array of new exchanges, custodians and wallets entering the market. However, the industry still lacks a fundamental capability, which is perhaps the most significant barrier to adoption for new users — a guarantee of fund security. Even now, in …
Adoption / March 12, 2020
Overstock’s tZero Launches Mobile Crypto App Touted as Hack-Resistant
tZero, United States retail giant Overstock’s crypto subsidiary, has launched a digital wallet and exchange app for crypto, the company officially announced in a tweet on June 27. The firm calls its new mobile crypto app a hack-resistant solution for trading and storing cryptocurrencies, tZero CEO Saum Noursalehi said in a press release to Reuters. Noursalehi explained that the application will store private keys directly on users’ smartphones, which is expected to provide maximum security, in contrast to “more vulnerable, third-party exchanges for custody.” Moreover, tZero’s private key recovery system will allow users to restore their funds in case if …
Adoption / June 27, 2019
What are hierarchical deterministic (HD) crypto wallets?
Are HD wallets safe? HD wallets are as secure as the medium (physical or digital) on which they are stored. BIP-32 enables an HD wallet to produce a tree-like hierarchical structure of private keys from the seed. As a result, if a device is lost or destroyed, the seed backup can be used to restore the wallet along with all of the tree’s private keys. Hierarchical deterministic wallets offer enhanced security and privacy compared to non-deterministic wallets. They are secure because a new address is issued for every new transaction. Therefore, hacking them is a challenging and intricate process. Additionally, …
Blockchain / Jan. 19, 2023